Sophos Rolls Out Consolidated ‘X-Ops’ Intelligence Unit To More Quickly Combat Cyberattacks

‘The goal is to find (attackers) on a virtuous cycle faster and faster and faster – and then keep them out,’ says Sophos executive Raja Patel.

Raja Patel, senior vice president of products at Sophos

Cybersecurity giant Sophos has rolled out a new intelligence service that it says helps customers fend off attacks faster and more effectively than in the past.

The U.K.-based Sophos has combined three previously separate units – Sophos Labs, Sophos SecOps and Sophos AI – into one group called Sophos X-Ops, whose goal is to identity potential cyberthreats as soon as possible and provide detailed alerts to customers on how to combat probable or even ongoing attacks.

Raja Patel, senior vice president of products at Sophos, said the three groups previously communicated and coordinated intelligence gathering before the consolidation.

[RELATED STORY: HUNTRESS, SOPHOS, KASEYA SEE NO SIGN OF WIDESPREAD COORDINATED MSP ATTACK FOLLOWING THREATLOCKER BULLETIN]

But Sophos felt that its efforts could be improved if those groups were merged together, said Patel.

“What we realized was we needed to formalize the operating model in which they engage and do it repeatedly and at scale,” Patel said.

The result of the consolidation: the 500-employee X-Ops unit comprised of malware analysts, automation engineers, reverse engineers, cloud infrastructure experts and other employees in the position to more quickly provide detailed intelligence reports to customers.

X-Ops now has under one roof Sophos’ previous proactive intelligence capabilities, detection and response, and its AI data sciences organization that builds artificial intelligence automations for Sophos products.

The X-Ops capabilities will be embedded without extra cost throughout Sophos’s portfolios of products and services.

“The goal is to find (attackers) on a virtuous cycle faster and faster and faster – and then keep them out,” Patel said in an interview with CRN.

With Sophos supporting more than 500,000 customers, it’s essential for the company to keep improving its intelligence services so it can provide everyone with quick, detailed and effective intelligence, he said.

Speed is key to combating cybercriminals, Patel said. “The one thing (attackers) have on their side is time,” he said. “Attacks are happening faster and more persistently.”

Patel said another byproduct of the new X-Ops unit is more innovation, with hundreds of previously separated employees now working together to come up with new ways to find and combat attacks.

Paul Gibbs, managed IT service director at RJ Young in Nashville, Tenn., said there was a “distinctive difference” in Sophos’s intelligence service before and after X-Ops was introduced earlier this summer.

“We were able to see that their response was quicker, especially for our customers that are using the (Managed Threat Response) product,” said Gibbs, whose firm has been a long-time partner to Sophos.

He said it “seems like there‘s a lot more communication and analysis around the threats” since X-Ops was formed.

Todd O’Bert, president and CEO of Productive Corp., a Minneapolis-based security reseller and Sophos partner, said the improved intelligence services bolsters customers’ confidence in Sophos’s overall offerings.

“It shows that they have a leadership position and they‘re maintaining it,” he said.

He said cutting the time between identifying a threat and remediation is “huge” in the security business.